Welcome to How To Secure Your SMB Network! This is part 6 of a 9 part series that discusses our approach to Network Security and how we secure client networks. As you will see there are many facets that go into creating a secure network. Think of it as puzzle with each piece playing an important role. The days of installing Norton Anti-Virus on your computer and thinking you are safe are over.
What is Endpoint Security
Think of Endpoint Security Software as the last line of defense in our layered approach to securing your SMB network. Endpoint Security Software is installed and runs on each of your workstations and servers. A decade ago, Endpoint Security Software was essentially Anti-Virus software (Think Norton or Symantec Antivirus). A decade ago, this type of software only had to look out for viruses involving rogue code. Fast forward to today and Anti-Virus software is just a small part of Endpoint Security Software.
Today, one can expect that their Endpoint Security solution includes Anti-Virus, Anti-Malware, and Anti-Ransomware. Many leading solutions include things such as Sandboxing (A way to safely execute suspicious applications/code), dynamic firewall and port protection (To prevent Trojans and/or Ransomware from downloading payloads), Email protection (Anti-Spam, Anti-Virus. Anti-Phising), Browser Protection and URL Blocking, USB Protection, the list goes on and on.
How does Endpoint Security Software Work
There are two main approaches that Endpoint Security Software takes. One is Signature or Definition based, the other is Behavior Based.
Signature Based Endpoint Security
Signature based software is very effective against known viruses, ransomware, and malware. This is the approach your classic Anti-Virus Software takes. It works by inspecting files for patterns that match known threats. Malicious code is almost always using a random file name, so inspecting the contents of the files is a must. However, what happens when a brand new threat is rapidly spreading across the internet? This is where a Behavior Based approach shines. Think of a Signature based approach as stereotyping. It’s comparing an application against known bad applications. If they look similar then the security software will flag it. Often, legitimate programs such as network IP Scanners, Wireshark, and others will lead to an alert because they “look” like malicious programs.
Behavior Based Endpoint Security
Behavior Based Software looks at what the potentially malicious application is attempting to do. This is especially effective against encrypting Ransomware variants (Cryptowall, Cryptolocker, CTB-Locker, Locky, etc) that can normally bypass traditional Signature based security. Behavior Based Security Software is constantly looking for applications that may attempt to encrypt your files, it’s looking for network traffic to Tor networks that are used to download malicious payloads anonymously. The big advantage of Behavior Based over Signature Based, is that Behavior Based approaches can protect against malicious code that it has never seen before. While there are thousands upon thousands of Malware and Virus variants, they all utilize a relatively small number of behaviors to do their damage. Look for those behaviors and you can prevent it.
What to look for in Endpoint Security Software
Choosing an Endpoint Security Software package can be daunting. There are so many options and so many different “reports” and “studies” that claim to be the best. Most of the leading solutions are very similar in their capabilities and pricing. Most solutions are also combining both Signature Based and Behavior Based security into one package.
An important metric to look for is the resource overhead of your Endpoint Security Software. If a solution blocks every threat it ever encounters, but slows your computer to a crawl because of the CPU and Memory resources it requires, it’s worthless. The goal is to combine low overhead with fantastic threat protection.
Cloud based Endpoint Protection
Cloud based Endpoint Protection is a growing trend. These products merge detected threat data from across their user base to increases the level of protection. When one agent encounters a new threat, it can immediately make that information available to other agents around the world, increasing the effectiveness of the product.
How To Secure Your SMB Network – E-Book
This is the sixth part of a nine part series that details How To Secure Your SMB Network. Every Wednesday we will post a new section that gives details and examples on how Banks Technology Services secures out client’s networks. We have compiled all of this information into into an EBook which you can download for free. The E-Book contains additional information, real world examples, and is updated as new technology emerges. To receive your FREE copy, head on over to the How To Secure Your SMB Network page.